CA SSO provides functionality that a user is completely logged off from a user session.

A file "msrlogout.fcc" exists under the <webagent_install>/samples/forms directory.

The content of "msrlogout.fcc": 

What functionality does the file "msrlogout.fcc" provide?

There is a well known ACO parameter LogOffUri to log off a user from the session.

On the other hand, Web Agent Configuration Guide explains "Comprehensive Log Out using FCC Forms". The file "msrlogout.fcc" is an example of it. This method provides an alternative to the LogoffUri parameter.

This file contains both the @smlogout directive and the @target directive. When the user retrieves the logout file, they are logged out and redirected to the location specified in the @target directive.

The user may access the below URL to log off the session.

http://servername.example.com/siteminderagent/forms/msrlogout.fcc

As a summary, in order to enable log off function, you may make use of either LogOffUri OR FCC Forms, but not mixed. (i.e., do not set msrlogout.FCC to LogoffURI.)

Notes:

1. When logged off by FCC Forms such as "msrlogout.fcc", the trusted host name is written in audit log (smaccess.log), instead of agent name.
   AuthLogout PS20 [05/Jun/2017:10:43:15 +0900] "192.168.50.20 Robm" "iis-trustedhost" [] [41]  [] []
   
2. If you want to log off a user from multiple cookie domains, use an ACO parameter LogOffUri as documented in "Configure Full Logoff".

Documentation: Comprehensive Log Out

• See the section "Configure Full Logoff" for ACO parameter LogOffUri .
• See the section "Configure Comprehensive Log Out using FCC Forms" for FCC based method.

Community page: SiteMinder logout flow